Merge pull request civicrm#11205 from agileware/CRM-20166

CRM-20166: Making CVV always required for front-end pages.
ixiam · Jan 10, 2018 · d14b0c4 · d14b0c4
2 parents 3ebc9c6 + 6030ba3
commit d14b0c4
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/CRM/Core/Payment.php b/CRM/Core/Payment.php
@@ -662,6 +662,10 @@ protected function getDirectDebitFormFields() {
   public function getPaymentFormFieldsMetadata() {
     //@todo convert credit card type into an option value
     $creditCardType = array('' => ts('- select -')) + CRM_Contribute_PseudoConstant::creditCard();
+    $isCVVRequired = Civi::settings()->get('cvv_backoffice_required');
+    if (!$this->isBackOffice()) {
+      $isCVVRequired = TRUE;
+    }
     return array(
       'credit_card_number' => array(
         'htmlType' => 'text',
@@ -686,7 +690,7 @@ public function getPaymentFormFieldsMetadata() {
           'maxlength' => 10,
           'autocomplete' => 'off',
         ),
-        'is_required' => Civi::settings()->get('cvv_backoffice_required'),
+        'is_required' => $isCVVRequired,
         'rules' => array(
           array(
             'rule_message' => ts('Please enter a valid value for your card security code. This is usually the last 3-4 digits on the card\'s signature panel.'),

diff --git a/tests/phpunit/CRM/Core/PaymentTest.php b/tests/phpunit/CRM/Core/PaymentTest.php
@@ -46,6 +46,32 @@ public function testHandlePaymentMethodLogging() {
     $this->assertEquals('payment_notification processor_name=Paypal', $log['values'][$log['id']]['message']);
   }
 
+  /**
+   * Test that CVV is always required for front facing pages.
+   */
+  public function testCVVSettingForContributionPages() {
+    Civi::settings()->set('cvv_backoffice_required', 0);
+    $processor = NULL;
+    $dummyPayment = new CRM_Core_Payment_Dummy("test", $processor);
+    $dummyPayment->setBackOffice(TRUE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(0, $paymentMetaData["cvv2"]["is_required"], "CVV should be non required for back office.");
+
+    $dummyPayment->setBackOffice(FALSE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should always be required for front office.");
+
+    Civi::settings()->set('cvv_backoffice_required', 1);
+
+    $dummyPayment->setBackOffice(TRUE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should be required for back office.");
+
+    $dummyPayment->setBackOffice(FALSE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should always be required for front office.");
+  }
+
   public function testSettingUrl() {
     /** @var CRM_Core_Payment_Dummy $processor */
     $processor = \Civi\Payment\System::singleton()->getById($this->processorCreate());